Oh Goodie
And it's a Friday too :-(
Microsoft may have given us a mere 55 CVEs to worry about on November's Patch Tuesday, but AMD and Intel have together topped that number with fixes for their products. AMD alone revealed 50 new CVE-listed bugs this week, 23 of them rated of "high" concern, meaning they're rated at between 7.0 and 8.9 on the Common …
The fact that one man’s bug list is another’s product catalogue is the stuff of fiction that impinges upon realities energising nightmares and forced interventions in defence of vulnerabilities increasingly easily exploited by creative elements and disruptive agents, oft eventually subsequently painted as either genuine genii or malcontented miscreants alike.
And the fact/situation that an attack on such events with any plan to impose sanctions and/or punishments on perceived leaderships is an affront and assault on the emergence and utility of novel imagination and prime virgin intelligence, and whenever in perverse terrifying support of a stagnating status quo, is IT gravely to be regarded, whenever such powers are wrongly abused/ill used/targeted for severe punitive consequences are virtually guaranteed on worthy personnel responsible and accountable for the advent and spread of misery and systems enslavement ....... in another alternate way of looking at and understanding such an Internetworking of Things*
Are you a Perl programmer? ..... steelpillow
Hmmm? Well ..... putting all joking aside, steel pillow, and now that you have asked ...... I suppose the only honest surreal answer to that question is ...... Yes, maybe I can be, and in any of its many possible guises from the sublime, Practical Extraction and Reporting Language right through to a ridiculous, Pathologically Eclectic Rubbish Lister.
It would be a mistake though to imagine there be any specific defining label indicating there be an available confinement in any sort of vessel or particular allegiance to any favourite program or project, for such is a false and misleading assumption or presumption to make.
Have a beer. It’s Friday already again, and that’s what some folk live for.
And to put it simply, it just takes too much development time ...... so that by the time they have subjected their code to the rigour that WE desreve and are paying for, their darling of the day has vapourised away ............
Where is the profit in that approach, sorry business case........
ALF
FFS! It's almost like the people developing this stuff just don't think about security at all.
Oh they do, they do. Just not the end-user's security. Ensuring DRM works, and that you cannot prevent signed binary blobs provided by the manufacturer from running in Ring minus<whatever> means the manufacturer and others have full access to the hardware you paid for and think you own/control. Hollywood and the three-letter-agencies are very concerned about security. Just not yours.
Remember, being able to audit the software you run and block software you don't trust is what allows terrorists to plan their nefarious acts in secret.
Hollywood and the three-letter-agencies are very concerned about security. Just not yours.Remember, being able to audit the software you run and block software you don't trust is what allows terrorists to plan their nefarious acts in secret. .... Norman Nescio
Yes, Norman Nescio, although once one knows how all such things work from the shadows of shade and the deep and dark and dank and rank recesses of the quite newly ancient and postmodern webs of diabolical intrigue and heavenly intervention, one is most unlikely to ever forget that is how the likes of a Hollywood and three-letter-agencies, who would certainly need to be rightly concerned about their own continued security cover and carte blanche protection provisioned via the cold cruel fragile comfort of immunity from persecution and prosecution and impunity of action, allow terrorists to plan their nefarious acts in relative secrecy.
And furthermore, whenever such is discovered and uncovered to be the case, only a certified fool and deranged tool would not expect the undivided attention of Remedial Special Forces Exercising Engagement and Employment and Enjoyment of Advanced IntelAIgent Sources .
* And that exclamatory interrogative is targeted specifically at Future MODernised Systems Administrations and their leaderships** which are subject to likely overwhelming attacks from such as are Novel Noble Virtual Indestructible Vectors.
** .... one Western exemplar being the likes of a General Sir Nicholas Patrick Carter, GCB, CBE, DSO, ADC Gen
Ironic that so many critical flaws in the PSP. You would that is one bit where they would be extra vigilant.
Perhaps, that is a blessing in disguise and the flaws can be used to improve our security by offering a way to disable or at least effectively neutralize the abomination that it is.
SPI is a trasmission standerd....from wiklpedia
The master (controller) device originates the frame for reading and writing.
Presumably it could be sent a an authenticated and compromised instruction thus routing to a very different memory (ram) address...
...eprom is a missnomer these days it related
to physically earasing the chip with ... a coded die and the re-imaging it with uv light ....now days they can be re-flashed in situ with sofrware (hopefully from a trused authentication point ) so two fir two in this case
To a generation of us, SPI is and always will be the US publisher of board wargames, Simulations Publications Inc.
The IT angle is that it KNEW via computer analysis of customer feedback exactly what would sell and in what sort of numbers... and still managed to go bust.
If AMD and Intel cared about security and saving money - instead of pleasing the intelligence agencies they have a contract with to place network accessible blackdoors in every CPU - then they would release the source so they could get thousands of security researchers analyzing and improving the code for free!